#1 2024-05-12 07:50:28

nakisen
Member
Registered: 2021-04-30
Posts: 16

URL encoded form parameters parsing

I need to parse the following encoded form values. I use the "UrlDecodeNextNameValue" function for this. However, the result is as follows;

  //original decoded value
  name "time >="  value "1715497685"

  //encoded form value
  time%20%3C%3D=1715497685

  // UrlDecodeNextNameValue(time%20%3C%3D=1715497685) result
  // name "time >"    value "=1715497685"
  
  // Expected
  // name "time >="    value "1715497685"

Does the UrlDecodeNextName() function return an expected value? Will the following change cause different problems?

// mormot.core.buffers 
// Line 8290 has been changed
...
      #0:
        exit;
      '=':
        begin
          result := U + 1;
          break;
        end;
      '%':
        if HexToCharValid(pointer(U + 1) {$ifndef CPUX86NOTPIC}, tab{$endif}) then
          inc(U, 3)
        else
          inc(U);
...

Offline

#2 2024-05-12 13:59:52

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,661
Website

Re: URL encoded form parameters parsing

URI encoding is defined officially as name=value pairs.

But IIRC some implementations requires to identify %3D also as = separator.
That is, 'where=name+like+%3A%28%27Arnaud%25%27%29%3A' is handled the same as 'where%3Dname+like+%3A%28%27Arnaud%25%27%29%3A'.

Perhaps this is wrong. But I remember having added this behavior some years ago with mORMot 1 for compatibility with some clients, and I would not like to change it now.
Some regression tests in TTestCoreProcess.UrlEncoding are explicitly checking for this behavior.

Offline

Board footer

Powered by FluxBB